In done by the use of a

In this paper we are perform
encryption using blowfish algorithm using salt and we . The blowfish algorithm
is used for encryption of the data and it converts a 64 bit block of input to a
64 bit cypher text. This conversion is done by the use of a key which is of predefined
length of 32-448 bits. Normally the basic algorithm consists of 16 rounds in a
single process, but to reduce the time of the conversion and password matching
we are proposing to use only 10 rounds in the conversion of data to cypher
text. This is very minor change but the actual impact of saving 6 rounds is
huge. This will make the process faster and it will still be unbreakable.

This decision is made on the
experimental basis as it is defined that the number of rounds increases the
security and the level of security but only up to certain level. After the
threshold number of rounds is completed, it does not depend on how many rounds
are made after the last round. It will only increase the time it will require to
encrypt the data and the feasibility will be decreased. If we only use the
threshold number of rounds, it will be time efficient without compromising the
security of the algorithm.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

So we are proposing the use of 10
rounds in the algorithm. It will save 6 rounds for every time the user tries to
register to the website or he tries to login into the website. This will be for
all the users. It will save the server processing time. The benefit of this
algorithm depends on the number of users present in the company’s database. If the
users are less, then the benefit will be quiet low but on the other hand if the
number of users will be more than the benefit will be fairly high.

Another approach we are proposing
is the use of salt in the password before the encryption. The password is
usually of a limited length of 10-15 characters. We have proposed to add a
static salt of 22 characters so that we can ensure the safety of all the other
clients if one of the passwords is able to be broken. If a malice user is able
to break any one of the user’s password, it will have a lot of probability that
it will be able to generate a pattern to crack all the passwords by generating
a key and the security of all the users will be at a risk then.

This problem can be prevented by
the help of this salt. We can use a string of a particular length that will be
kept secret and will be prevented to be accessed by anyone other than authorized
people. This salt will be added to the password entered by the user and this
concatenated string will be used for the encryption. The cypher text generated
by this concatenated string will be stored in the database and this will be
used to authorize the user when he/she tries to login to the website.

The secrecy of this salt will be a
concern. It should be kept secret with the company as user’s security will be depending
on this. If the malice user or any user other than the authorized one gets the
access of this salt string, then he can make it public and then all the
passwords of the users will be at a risk. The prevention will require company
to generate hashed password for every user once again. The security of the new salt
will also be needed to be kept in mind. It should again be accessed by the authorized
personnel only.

The length of the salt will be
another concern. If it is too long and it increases the length of the total password
more than 64 bits, then it will be great issue. As we know that the blowfish
will be converting only 64 bit block on a single core, so, if the length of the
password is greater than 64 bits, then it will require one more cycle of the
blowfish to produce the cypher text which will increase the processing time by
two fold. Then the blowfish will require more cycles per match. Every match
will increase the time and it will decrease the response time of the users. This
will decrease the user experience.

So the length of the salt should
be such that it does not increase the length of the total concatenated string
to be more than 64 bits. We propose a length of 22 chars. This will be a fairly
good length for making the website secure and encryption and matching fast. So,
at last the conclusion is the use of 10 rounds and 22 character salt. These two
measures will make the implementation of the blowfish fast and more secure at
the same time.